Patterns are based on scientific sources.
Name | The Absence of Indicators |
Sources | (Egelman, 2009) |
Synonyms | None |
Context | An indicator should be used when a danger has been detected, or additional information is available which may lead the user to believe the a website is unsafe. |
Problem | Some indicators indicate positive things, thus, users are supposed to be alerted when these indicators do not appear on a webpage. However, many users are unalarmed by the absence of these indicators or simply fail to take notice. |
Solution | Users should not be expected to notice the absence of an indicator. Instead of using positive indicators when at a “good” website, use a negative indicator to indicate a “bad” website. |
Examples | The SiteKey indicator as used by PNC bank. For this security indicator to be effective, the user is required to notice the absence of the tiger picture on a spoofed PNC website. Source: (Egelman, 2009) |
Implementation | When using warning message to distinguish between good and bad websites, do not use indicators to denote good websites. Either use warning message when encountering bad websites, since there will be less of an incentive to spoof these, or use pervasive contextual indicators. Both types of indicators should be inserted by the web browser so that website designers will have a harder time spoofing the indicators. |
Consequences | Building on Noticeable Contextual Indicators, absent indicators are rarely noticed because there is nothing to examine at the user’s focus of attention. When positive indicators are used for trust, attackers can also mimic them and confuse the user. Most users do not know the difference between chrome and content, therefore there is an incentive for the attacker to spoof positive indicators. When negative indicators are used, there are fewer incentives for the attacker to spoof them. |
Dependencies | None |
Relationships | [Noticeable Contextual Indicators] |
Principles | [Consistent Controls and Placement] |
Guidelines | None |
Check lists | None |
Use cases | None |
Tags | The Absence of Indicators, Noticable Contextual Indicators, Fail Safety, Expectation Conformity |
Log history | [12/21/2015]: Added to repository |
Egelman, S., 2009. Trust me: Design patterns for constructing trustworthy trust indicators. ProQuest.